From: Mark Andrews Date: Wed, 8 Jul 2020 03:18:31 +0000 (+1000) Subject: Don't verify the zone when setting expire to "now+1s" as it can fail X-Git-Tag: v9.17.4~58^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a0e8a11cc6f61ec5f16370cfd9888e5758a3f391;p=thirdparty%2Fbind9.git Don't verify the zone when setting expire to "now+1s" as it can fail as too much wall clock time may have elapsed. Also capture signzone output for forensic analysis --- diff --git a/bin/tests/system/statschannel/clean.sh b/bin/tests/system/statschannel/clean.sh index 4904d91e43d..bf5d3b39771 100644 --- a/bin/tests/system/statschannel/clean.sh +++ b/bin/tests/system/statschannel/clean.sh @@ -9,21 +9,22 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -rm -f traffic traffic.out.* traffic.json.* traffic.xml.* -rm -f zones zones.out.* zones.json.* zones.xml.* zones.expect.* +rm -f compressed.headers regular.headers compressed.out regular.out rm -f dig.out* -rm -f ns*/named.memstats +rm -f ns*/managed-keys.bind* rm -f ns*/named.conf -rm -f ns*/named.run* rm -f ns*/named.lock +rm -f ns*/named.memstats +rm -f ns*/named.run* rm -f ns*/named.stats -rm -f xml.*stats json.*stats -rm -f xml.*mem json.*mem -rm -f compressed.headers regular.headers compressed.out regular.out -rm -f ns*/managed-keys.bind* +rm -f ns*/signzone.out.* +rm -f ns2/*.db.signed* ns2/dsset-*. ns2/*.jbk rm -f ns2/Kdnssec* ns2/dnssec.*.id rm -f ns2/Kmanykeys* ns2/manykeys.*.id -rm -f ns2/*.db.signed* ns2/dsset-*. ns2/*.jbk rm -f ns2/dnssec.db.signed* ns2/dsset-dnssec. rm -f ns3/*.db +rm -f traffic traffic.out.* traffic.json.* traffic.xml.* +rm -f xml.*mem json.*mem +rm -f xml.*stats json.*stats +rm -f zones zones.out.* zones.json.* zones.xml.* zones.expect.* rm -rf ./.cache ./__pycache__ diff --git a/bin/tests/system/statschannel/ns2/sign.sh b/bin/tests/system/statschannel/ns2/sign.sh index 669adec3ec0..f772c0f2b15 100644 --- a/bin/tests/system/statschannel/ns2/sign.sh +++ b/bin/tests/system/statschannel/ns2/sign.sh @@ -20,7 +20,7 @@ zonefile=dnssec.db.signed ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") # Sign deliberately with a very short expiration date. -"$SIGNER" -S -x -O full -e "now"+1s -o "$zone" -f "$zonefile" "$infile" > /dev/null 2>&1 +"$SIGNER" -P -S -x -O full -e "now"+1s -o "$zone" -f "$zonefile" "$infile" > "signzone.out.$zone" 2>&1 keyfile_to_key_id "$ksk" > dnssec.ksk.id keyfile_to_key_id "$zsk" > dnssec.zsk.id @@ -34,7 +34,7 @@ zsk13=$("$KEYGEN" -q -a ECDSAP256SHA256 -b 256 "$zone") ksk14=$("$KEYGEN" -q -a ECDSAP384SHA384 -b 384 -f KSK "$zone") zsk14=$("$KEYGEN" -q -a ECDSAP384SHA384 -b 384 "$zone") # Sign deliberately with a very short expiration date. -"$SIGNER" -S -x -O full -e "now"+1s -o "$zone" -f "$zonefile" "$infile" > /dev/null 2>&1 +"$SIGNER" -S -x -O full -e "now"+1s -o "$zone" -f "$zonefile" "$infile" > "signzone.out.$zone" 2>&1 keyfile_to_key_id "$ksk8" > manykeys.ksk8.id keyfile_to_key_id "$zsk8" > manykeys.zsk8.id keyfile_to_key_id "$ksk13" > manykeys.ksk13.id